[Oisf-users] file truncated
Miso Mijatovic
mmijatovic at sorint.it
Tue Apr 21 16:05:12 UTC 2015
Hi,
> Have you done any tuning of the suricata.yaml?
Yes, in addition to
stream.checksum_validation no
stream.reassembly.depth 0
libhtp.default-config.request-body-limit 0
libhtp.default-config.response-body-limit 0
I commented out the part about eth0 in the afpacket section because it is not a traffic interface;
I enabled the file-store (with force md5, force magic and waldo) and file-log (with force md5 and force magic);
I increased the stream memcap from the default 32mb to 128mb;
I decreased the reassembly memcap from the default 128mb to 64mb.
> What type of traffic and how much of it are you inspecting on what HW ?
I am inspecting 80/90 Mb of normal client internet traffic; my HW has 12 Gb RAM on 8 processors.
Regards,
Miso Mijatovic